Still it will be interesting to see if and when these vulnerabilities will be fixed (responsible disclosure appears to have been made, with the Trezor CTO participating in the Q&A towards the end of the video).
Even if the current holes are fixed, others will pop up. This is the nature of anything programmable and accessible. A lot of the angles in these demonstrations are rely on a fairly unlikely set of circumstances but it's still not great.
The main thing I took away from it is using a 25th password saves you from quite a few sad outcomes.